Hi there guys, I'm wondering if it is posible to use

helm_secrets

with Pulumi ?

error: post-step event returned an error: failed to normalize URN references: Two resources ('<urn1>' '<urn2>') aliased to the same: '<urn3>'

this is only detected during execution, could this be made a planning phase detection? Possibly relevant: one of those resources was being imported. It breaks the import, leaving the to-be-imported resources in state ‘unknown’, requiring manual stack edits..

Just started getting a perplexing error. Creating a standard security group, just like I have with Pulumi a dozen times before, and started getting this error:

Error authorizing security group ingress rules: InvalidPermission.Malformed: Unsupported IP protocol "-1"  - supported: [tcp, udp, icmp]

Folks, is there a way, or maybe a workaround that you're aware of, to initialize the contents of a GitLab repository when using the GitLab provider? I'm trying to create GitLab repos from Pulumi, but also "seed" them with an initial structure.

How can I destroy target dependants without the target itself? (This includes the target

pulumi destroy --target-dependents -t  urn:pulumi:dev::leaderboard::aws:ebs/volume:Volume::leaderboard-dev

)

I’m trying to spin up a Cloudformation Stack from a template, and it’s timing out after 20 minutes, even though I’ve set the

timeoutInMinutes

in the args. Am I missing something?

new aws.cloudformation.Stack(`${name}-cfn`, {
  parameters: { ... },
  capabilities: ["CAPABILITY_IAM"],
  timeoutInMinutes: 120
}

The exact error:

aws:cloudformation:Stack (controller-tableau-cfn):
    error: 1 error occurred:
        * creating urn:pulumi:controller::shared-infra-controller::aws:cloudformation/stack:Stack::controller-tableau-cfn: timeout while waiting for state to become 'CREATE_COMPLETE, CREATE_FAILED, DELETE_COMPLETE, DELETE_FAILED, ROLLBACK_COMPLETE, ROLLBACK_FAILED' (last state: 'CREATE_IN_PROGRESS', timeout: 20m0s)

Are there any companies providing SLAs and CTO-in-a-Box like pro services for Pulumi orchestrated infrastructure?

I am having an issue installing Rancher on a freshly created cluster (that was spun up using jaxxstorm/pulumi-rke). I get the following: kubernetes:certmanager.k8s.io:Issuer (rancher/rancher): error: creation of resource rancher/rancher failed because the Kubernetes API server reported that the apiVersion for this resource does not exist. Verify that any required CRDs have been created: no matches for kind “Issuer” in version “certmanager.k8s.io/v1alpha1”

export function setUpK8sProvider(rkeCluster: rke.Cluster): k8s.Provider {
  return new k8s.Provider("rancherCluster", {
    cluster: rkeCluster.clusterName,
    kubeconfig: rkeCluster.kubeConfigYaml
  }, { dependsOn: rkeCluster })
}

export function createNamespace(clusterProvider: k8s.Provider): k8s.core.v1.Namespace {
  return new k8s.core.v1.Namespace("cert-manager", {
    metadata: {
      name: "cert-manager",
      labels: {"<http://certmanager.k8s.io/disable-validation|certmanager.k8s.io/disable-validation>": "true" }
    }
  }, { provider: clusterProvider, dependsOn: [clusterProvider] })
}

export function createCertManager(certManagerNamespace: k8s.core.v1.Namespace, clusterProvider: k8s.Provider): k8s.helm.v3.Chart {
  return new k8s.helm.v2.Chart(
    'cert-manager',
    {
      chart: 'cert-manager',
      version: 'v0.15.1',
      namespace: certManagerNamespace.metadata.name,
      values: {
        installCRDs: true,
      },
      fetchOpts: {
        repo: '<https://charts.jetstack.io>',
      },
    },
    {
      dependsOn: certManagerNamespace,
      provider: clusterProvider
    },
  );
}

export function createRancherServer(serverName: string, clusterProvider: k8s.Provider, certManager: k8s.helm.v3.Chart): k8s.helm.v3.Chart {
  let namespace = new k8s.core.v1.Namespace("rancher", {
    metadata: {
      name: "rancher",
    }
  }, { provider: clusterProvider, dependsOn: [certManager] })

  return new k8s.helm.v2.Chart(serverName, {
    chart: "rancher",
    namespace: namespace.metadata.name,
    fetchOpts: {
      repo: "<https://releases.rancher.com/server-charts/stable>"
    },
    values: {
      "hostname": "<http://rancher.mydomain.com|rancher.mydomain.com>",
      "ingress.tls.source": "letsEncrypt",
      "letsEncrypt.email": "<mailto:myemail@mydomain.com|myemail@mydomain.com>"
    }
  }, { provider: clusterProvider, dependsOn: [namespace] })
}

Any idea where I’m going wrong perhaps?

Is there any way to specify a retry/timeout for

get()

methods like

k8s.core.v1.Service.get

? Imagine creating an operator with pulumi, and needing some info about a

Service

that it will create as a result.

Fun times, if you change the name of some content of a bucket it will first create the new content then delete the old one, but because these both refer a file at the same location in the bucket it will actually replace and then delete cause the bucket content to be deleted

All my external IPs in k8s are pending, what am I missing?

Is there a resource for community-developed ComponentResources?

How do I create a secret in a namespace other than default in kubernetes? I've tried giving it the name

ns/secretname

like the docs suggest, but it doesn't seem to work

The AWS documentation uses the URL format "github.com/kubernetes-sigs/aws-efs-csi-driver/deploy/kubernetes/overlays/stable/?ref=master" when telling you how to install their EFS CSI driver. Using that URL in a

k8s.yaml.ConfigFile

results in a "no such file or directory" error. Visiting that URL in the browser results in a 404. Does anyone have any idea what this URL format is and if/how it could work with Pulumi?

Hello. Is there any way to console.log

pulumi.output

? I’m catching strange behaviour very often and there is no way to debug stacks.

Is there a property that lets you get the security group ID of the EKS created security group on a worker node created with aws.eks.NodeGroup?

Is there any guidance for integrating 'build' tasks into Pulumi. Lets just say extending the S3 static site with the generation step, similar how the docker tasks will build the image for you

I get "InvalidParameterException: Invalid Region in ARN" when doing

pulumi destroy

. Checked the yaml and the region is correct. I think it may have been caused by me changing the region and the attempting a

pulumi up

that failed. Now, no matter what region i set in the config, it gives that error. Can anyone help please?

hi folks, i tried to deploy AKS cluster on Azure Gov and got this error

Addon 'azurepolicy' is not supported in this cloud environment.

It comes from terraform azure provider, doesn't it? Is there any solution or work around available? Thanks

Is there a way to have per-project logins? For example, one project uses a local login, while another uses the Pulumi service. Right now I have to remember to switch logins everytime I go to a new directory/project.

I'm in some weird state. When I do

pulumi up

this one is stuck here:

-   └─ kubernetes:<http://apiextensions.k8s.io:CustomResourceDefinition|apiextensions.k8s.io:CustomResourceDefinition>  <http://challenges.acme.cert-manager.io|challenges.acme.cert-manager.io>  deleting     completing deletion from previous update

If I export the stack I can't see any

pending_operations

and if I try to manually run

helm uninstall cert-manager

I can see that it's not even installed. I've also tried running

pulumi refresh

and just

pulumi stack export | pulumi stack import

but it doesn't help

I'm trying to use the GitLab provider with a private GitLab instance via VPN, but although I've configured the

gitlab:token

and

gitlab:base_url

config values, I get a network error:

error: Get "<https://gitlab.company.com/api/v4/user>": dial tcp: lookup <http://gitlab.company.com|gitlab.company.com> on 8.8.8.8:53: no such host

Where company.com is the redacted version of my actual host. I've double checked using cURL that I can access the instance given the access token that Pulumi uses and it all works great. Any ideas?

I've tried to use the

pulumi/pulumi

Docker image in my CI/CD process, but I've noticed its size is approximately 3GB 😲. Now, I'll probably build my own slimmer image, but I'm curious, if I'm using Pulumi with a TypeScript project, what runtime dependencies do I need except the Pulumi executable and nodejs? Let's say I'm only targeting Azure in my code. Will I need the

az

executable to be present on

PATH

too?

Hey guys/gals, is there away to periodically update deployments (kubernetes)? basically pull a new "latest" image and deploy.

I just discovered Pulumi and i am investigating on how to map this https://github.com/gruntwork-io/terragrunt-infrastructure-live-example in Pulumi. I am thinking about how to structure my project directory in stacks. I was reading https://www.pulumi.com/docs/intro/concepts/organizing-stacks-projects/ but really there is no single multi environment/multi region project example. I think it will be useful to create an example project that map to https://github.com/gruntwork-io/terragrunt-infrastructure-live-example because it is a usual terraform/terragrunt structure.

What are the strategies for deploying lambda functions written in TypeScript in a large project? I’m getting some weird transpilation issues. But also it looks like all of the production dependencies are being bundled, regardless if they are used or not. Surely that’s not efficient. Would bundling with webpack first be the go to approach?

Is there a way to use pulumi to drive straight

docker run

commands with different

docker context

's? - or alternatively any docker-compose like utility? (I understand this is not a primary/intended use case)

anyone had success importing an aws vpc?

Is there a

dry-run

mode in Pulumi?